How to Cut Health Costs by Millions and Stay Out of Prison

ANN ARBOR, Mich.--(BUSINESS WIRE)--A tiny USB drive stolen from the car of an Alaska health worker
wound up costing
the state of Alaska $1.7 million in federal fines last July. Will your
organization be protected when enforcement of health privacy laws
skyrockets in 2013?

Online Tech announced today it is the first data center operator
to have its data centers and cloud computing infrastructure voluntarily
audited to the U.S. Office for Civil Rights (OCR) HIPAA Audit Protocol.

“For the Department of Health and Human Services and OCR this
isn’t a joking matter anymore – you will comply,’’ said Nate Buchholz,
Information Services Director at Genesys Physician Hospital Organization
(PHO). “We have five FTEs all dedicated to securing our infrastructure.
Online Tech is our data center colocation partner: they keep our lights
on.’’ With the federal enforcement soaring in 2013, Buchholz said health
providers are turning to Online Tech because “they take security
seriously.’’

“We provide cloud hosting for healthcare clients from across the
country,” said Mike Klein, CEO of Online Tech. “These clients need the
assurance that the data centers and the cloud infrastructure where they
are hosting PHI (Protected Health Information) are audited to the
requirements of HHS and Office for Civil Rights. None of our clients
want to be fined by the Office for Civil Rights because their hosting
provider failed to live up to the OCR audit requirements.”

UHY Advisors, LLP recently completed Online Tech’s independent
third-party HIPAA attestation on the company’s cloud infrastructure and
all three data centers. Online Tech and UHY agreed to use the newly
established OCR
guidelines that all healthcare and health IT companies
will face from the Office of Civil Rights starting in 2013.

Online Tech is not a covered entity, but rather a business
associate (an organization providing a service to a covered entity).
Although the initial audit program only applies to covered entities,
Online Tech decided to proceed with an independent attestation using the
new guidelines.

The American Recovery and Reinvestment Act of 2009 requires the
Department of Health and Human Services (HHS) to perform periodic audits
of covered entities and business associates to determine if they are
complying with HIPAA requirements. A November 2011 to December 2012 HHS
Office for Civil Rights pilot program selected 115 organizations across
the country to undergo the scrutiny of privacy, security, and breach
notification audits by KPMG.

The OCR does not plan to penalize targets for pilots unless they
uncover “serious compliance issues.” The HITECH Act has civil penalties
for HIPAA violations that can reach $50,000 per violation and up to $1.5
million for identical violations across multiple records in a single
calendar year.

In June 2012, the OCR released a copy of the protocol it is using
to audit HIPAA compliance under their pilot program. The protocol
provides a breakdown of specific audit criteria they are using for HIPAA
audits. The protocol includes 169 specific performance criteria
organized around compliance in three areas: the HIPAA Privacy Rule,
Security Rule, and Breach Notification Rule.

HIPAA data center compliance is no small investment. Data center
operators must not only deliver the technology to meet the
administrative, physical and technical safeguards required by the HIPAA
security rule, they must also invest in policies, training, breach
notification processes, legal support for business associates
agreements, and HIPAA insurance. In addition, the organization must
commit to consistently monitoring the safeguards and processes to ensure
the security of the electronic protected health information (ePHI).

In 2011, Online Tech became the first data center operator to be
independently audited for HIPAA compliance. This year, Online Tech
decided it wanted to be the first data center operator independently
audited against the OCR HIPAA Audit Program Protocol.

“It was a commitment and investment we knew we had to make to
serve the best interest of our healthcare clients,” Klein said.

About Online Tech

Online
Tech, Michigan’s largest managed data center is
becoming the largest in the Midwest, expanding into at least four new
markets. The “Fort Knox’’ for data is known for complete redundancy -
“backups for everything” - from multiple back-up generators and backup
systems to locations straddling two power grids and even two CEOs.